Methods to improve security of conference calls by observation of attendees&#39; order and time of joining the call

ABSTRACT

An embodiment of the invention includes a method for detecting fraudulent use in a conference calling system. A threshold period is received, wherein the threshold period indicates the maximum allowable time period for a participant of a conference call to enter the conference call prior to the entry of the moderator of the conference call. A monitor detects the entry of the moderator into the conference call and entry of the participants into the conference call. A waiting period is determined for one or more of the participants, wherein the waiting period represents the time period between the entry of the moderator and the entry of the participant. A processor compares the waiting period to the threshold period. If the threshold period exceeds the waiting period, the conference call is allowed to continue. In at least one embodiment, actions are performed with the processor if the waiting period exceeds the threshold period.

BACKGROUND

The present invention is in the field of methods, systems, and computerprogram products to improve security of conference calls by observationof attendees' order and time of joining the call.

A conference call (also known as a “teleconference” or a “teleconferencecall”) is a telephone call in which the calling party wishes to havemore than one called party participate in the audio portion of the call.The conference call may be designed to allow the called party toparticipate during the call, or the call may be set up so that thecalled party merely listens into the call and cannot speak. It is oftenreferred to as an ATC (Audio Tele-Conference). In addition to audio,conference calls can include video, multimedia and other communicationmethods.

Conference calls can be designed so that the calling party calls theother participants and adds them to the call; however, participants areusually able to call into the conference call without assistance from an“operator” of the conference system, by dialing into a special telephonenumber that connects to a “conference bridge” (a specialized type ofequipment that links telephone lines).

Companies commonly use a specialized service provider who maintains theconference bridge, or who provides the phone numbers and PIN codes thatparticipants dial to access the meeting or conference call.

SUMMARY

An embodiment of the invention includes a method for detectingfraudulent use in a conference calling system. A threshold period isreceived, wherein the threshold period indicates the maximum allowabletime period for a participant of a conference call to enter theconference call prior to the entry of the moderator of the conferencecall. A monitor detects the entry of the moderator into the conferencecall and entry of the participants into the conference call.

A waiting period is determined for one or more of the participants,wherein the waiting period represents the time period between the entryof the moderator and the entry of the participant. A processor comparesthe waiting period to the threshold period. If the threshold periodexceeds the waiting period, the conference call is allowed to continue.However, actions are performed with the processor if the waiting periodexceeds the threshold period.

The actions include sending an alert indicating that the waiting periodexceeded the threshold period to the moderator, an administrator of theconference calling system, participants of the conference call, and/orsecurity personnel. Another action validates credentials of theparticipants. More specifically, passcodes to enter the conference callare received from the participants. For each passcode entered, firstinformation (also referred to herein as “user information”) is obtainedfrom the person assigned the passcode. The first information includes anemployee number, an identification badge number, a home telephonenumber, a home address, a mobile telephone number, an e-mail address, anoffice telephone number, an office address, and/or answer(s) to securityquestion(s) entered by the person assigned the passcode. Secondinformation (also referred to herein as “validation information”) isobtained from the participant who entered the passcode. If the firstinformation matches the second information, an alert is sent to theparticipant indicating that the waiting period exceeds the thresholdperiod.

Further actions include permitting the administrator of the conferencecalling system to enter the conference call, disconnecting a participantfrom the conference call, terminating the conference call, and/orvoiding a passcode to the conference call. Another action generates andstores a report, where the report includes the time of entry of themoderator, the time of the entry of the participants, the thresholdperiod, the waiting periods, and/or the passcodes to the conferencecall. The report also includes the actions performed, including the userinformation from the person assigned a passcode, and the validationinformation from the participant.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

The present invention is described with reference to the accompanyingdrawings. In the drawings, like reference numbers indicate identical orfunctionally similar elements.

FIG. 1 illustrates a conference calling system according to embodimentof the invention;

FIG. 2 is a flow diagram illustrating a preparation phase according toan embodiment of the invention;

FIG. 3 is a flow diagram illustrating a method to improve security ofconference calls by observation of attendees' order and time of joiningthe call according to an embodiment of the invention;

FIG. 4 is a flow diagram illustrating a method for performing responseactions according to an embodiment of the invention;

FIG. 5 is a flow diagram illustrating a method for detecting fraudulentuse of a passcode in a conference calling system according to anembodiment of the invention;

FIG. 6 illustrates a system for detecting fraudulent use of a passcodein a conference calling system according to an embodiment of theinvention; and

FIG. 7 illustrates a computer program product according to an embodimentof the invention.

DETAILED DESCRIPTION

Exemplary, non-limiting embodiments of the present invention arediscussed in detail below. While specific configurations are discussedto provide a clear understanding, it should be understood that thedisclosed configurations are provided for illustration purposes only. Aperson of ordinary skill in the art will recognize that otherconfigurations may be used without departing from the spirit and scopeof the invention.

FIG. 1 illustrates a conference calling system (also known as ateleconference system) 100 according to embodiment of the invention,wherein a conference system administrator 110, conference moderator 120,participants 130, 140, and 150, and unauthorized intruder 160 areconnected to the conference calling system 100. The conference moderator120, participants 130, 140, and 150, and unauthorized intruder 160 areattendees of the conference calling system 100. In another embodiment,less than or more than three participants are connected to theconference calling system 100.

In order to connect to the conference calling system 100, theparticipants 130, 140, and 150 use a reservationless bridge. The bridgesetup is dynamic, wherein a call-in telephone number and a passcode fromthe conference moderator 120 are sufficient to begin the conferencecall. The participants 130, 140, and 150 have the same passcode (i.e.,Passcode A), which is different from the passcode of the conferencemoderator 120 (i.e., Passcode Z). In another embodiment of theinvention, the participants 130, 140, and 150 have different passcodes(e.g., Passcodes A, B, and C, respectively). In one embodiment, theintruder 160 has the conference moderator 120's passcode (i.e., PasscodeZ). In another embodiment, the intruder 160 utilizes a participant'spasscode (i.e., Passcode A, B, or C, depending on how passcodes areassigned) to connect to the conference calling system 100.

The conference system administer 110 configures the conference callingsystem 100 and assures its operation. These functions are embodied inthe service provider of the conference calling system (not shown).However, in one embodiment, these functions are delegated to thepurchaser of the conference calling service. In another embodiment, anautomatic monitoring system is utilized to configure the conferencecalling system 100 and assures its operation.

Having a passcode (either the passcode of the moderator 120 and/or oneof the participants 130, 140, and 150), the intruder 160 can eitherenter a conference call as an attendee during a legitimate meeting; or,the intruder 160 can establish an illegitimate meeting between himselfand other intruders. In the fraud scenario illustrated in FIG. 1, theconference call was already in-process when the conference moderator 120connected to the conference calling system 100. Without the frauddetection methodologies and systems herein, the conference callingsystem 100 does not inform the conference moderator 120 that anotherindividual had joined the conference call early. Thus, the conferencemoderator 120 is not aware of the fraud by the intruder 160.

In one example of fraud, the intruder 160 connects to the conferencecalling system and waits until a conference call begins. This allows theintruder 160 to obtain information during the conference call. Theintruder 160 is also allowed to use the conference calling system forother purposes after the moderator 120 and participants 130-150disconnect from the conference calling system, for example, holdinganother conference call by sharing the passcode with others. Bydetecting when a person joins the conference call more than a thresholdtime period prior to initiation of the conference call by the moderator120, an embodiment of the invention alerts the moderator 120 of theperson's early arrival and gives the moderator 120 the option to removethe person and/or alert others of potential fraud.

FIG. 2 is a flow diagram illustrating a preparation phase according toan embodiment of the invention. The preparation phase sets up a MaximumPrior to Meeting Start Time (MPMST) threshold (210), which is used toidentify potential intruders who have entered into the conferencecalling system too early. For example, the MPMST threshold is set toidentify a potential intruder who has entered into the conferencecalling system more than one hour before the moderator. Response actions(e.g., notify conference system administrator) are also set up duringthe preparation phase (220), which the conference calling system willperform if the threshold is exceeded, as more fully described below withreference to FIGS. 3-4.

An embodiment of the invention includes a method to identify potentiallyfraudulent access to a conference calling system by observing joiningtime of individuals and providing notification to the moderator if anindividual joins too early (as defined by a threshold value). FIG. 3 isa flow diagram illustrating a method to improve security of conferencecalls by observation of attendees' order and time of joining the callaccording to an embodiment of the invention. More specifically, theconference calling system determines whether the conference call hasbegun (310) and whether the moderator ID and/or passcode has beenentered (320).

If the moderator ID and/or passcode has been entered, the conferencecalling system determines the time periods since each attendee joinedthe conference call (330), i.e., the time periods between when eachattendee entered their respective passcode and when the moderatorentered the moderator ID and/or passcode. In another embodiment, theconference calling system determines attendee waiting periods before themoderator ID and/or passcode is entered, wherein the conference callingsystem determines the time periods between when each attendee enteredtheir respective passcode and when the first ID and/or passcode wasentered. The attendees of the conference call access the conferencecalling system using either a participant passcode or the moderator IDand/or passcode. In an alternative embodiment, the conference callingsystem determines the time periods since each attendee joined theconference call and when the conference call was scheduled to takeplace. For example, if the conference call was scheduled for 12:00(noon) and an attendee entered the passcode at 10:30 a.m., then theconference calling system determines that the attendee accessed theconference calling system an hour and a half early.

The conference calling system determines whether the time periods thatthe attendees joined the conference call are greater than the MPMSTthreshold (340). For instance, in the preceding example, if the MPMSTthreshold is 30 minutes, the conference calling system determines thatthe attendee entered the passcode too early.

If a time period that an attendee joined the conference call is greaterthan the MPMST threshold, then the conference calling system performsresponse actions (350), as more fully described below with reference toFIG. 4. The conference call is allowed to continue and response actionsare not performed if the time period for joining the conference call(also referred to herein as a “waiting period”) is less than the MPMSTthreshold for each attendee of the conference call. After the timeperiods are validated or response actions are taken, the conference callis ended (360).

FIG. 4 is a flow diagram illustrating a method for performing responseactions according to an embodiment of the invention. In alternativeembodiments, one or more of the response actions illustrated in FIG. 4are omitted, dependent on the configuration as determined in thepreparation phase. As described below, in at least one embodiment, theresponse actions illustrated in FIG. 4 are performed by a processorconnected to a user interface.

The processor determines whether to alert the moderator (409). The “truemoderator” is the actual person that has been assigned the moderatorpasscode by the conference calling system or the conference systemadministrator. The true moderator is alerted if that person is known bythe conference calling system; or, if the true moderator is not known bythe conference calling system, all of the moderators that have enteredthe moderator passcode are alerted by the processor, i.e., the truemoderator and the intruder if masquerading as a moderator (410). Thealert includes a notification that an attendee has accessed theconference calling system too early, i.e., the time period since anattendee entered a passcode and when a moderator ID and/or passcode wasentered exceeded the MPMST threshold. In at least one embodiment of theinvention, the alert also includes the total number of attendees, i.e.,the total number of moderator IDs and/or passcodes and participantpasscodes entered into the conference calling system and the timeperiods since the attendees joined the conference call and when themoderator ID and/or passcode was entered. In at least one embodiment,the alerts include a time stamped e-mail, text message, instant message,facsimile, and/or other form of communication indicating that the MPMSTthreshold has been exceeded by an attendee of the conference call. Inanother embodiment, as described below, the conference administratorand/or conference call participants are alerted instead of themoderator. In yet another embodiment, if the MPMST threshold is exceededprior to the moderator's entry into the conference call, the alert isnot sent to the moderator until the moderator ID and/or passcode isentered.

The true moderator is given the option to disconnect the attendee thatjoined the conference call too early from the conference calling system(419). The true moderator either allows the attendee that joined theconference call too early to participate in the conference call, or theattendee is disconnected from the conference calling system (420). In analternative embodiment, the conference calling system automaticallydisconnects the attendee that joined the conference call too early.

The processor determines whether to send an alert to the conferencesystem administrator (429). If the conference system administrator isalerted by the processor (430), further actions are automatically ormanually performed by the conference system administrator. In at leastone embodiment of the invention, such actions are setup prior toinitiation of the conference call (e.g., during the preparation phase).The conference system administrator actions include monitoring foradditional occurrences where the MPMST threshold has been exceeded by anattendee of the conference call, terminating the conference call, and/orblocking the account from further usage (i.e., voiding the moderator IDand/or passcode).

The processor determines whether to log information for future referenceand reporting into, for example, a report database (439). The processorlogs information (440) by saving a report of the occurrence, wherein thereport includes, for example, at least one of the MPMST threshold, thetime periods since the attendees accessed the conference calling systemand when a moderator ID and/or passcode was entered into the conferencecalling system, the moderator ID and/or passcode, the time and date thatthe MPMST threshold was exceeded, the total number of moderator IDsand/or passcodes entered into the conference calling system, the totalnumber of participant passcodes entered, the telephone numbers of theattendees that called into the conference calling system (obtained froma caller-identification system), and a detailed description of theresponse action(s) taken after the MPMST threshold was exceeded, e.g.,identification of personnel who received alerts from the conferencecalling system. Information in the report is utilized to identifytrends, track moderator ID and/or passcode usage, and/or for detailedreview by the conference system administrator and/or personnel withinthe true moderator's company. For example, in at least one embodiment,the conference system administrator compares reports that have beencollected over time in order to identify trends, such as a particularpasscode that repeatedly violates the MPMST threshold and/or aparticular time of day that the MPMST threshold is frequently violated.

The processor also performs other actions as determined by users of theconference calling system (450). For example, in at least one embodimentof the invention, the processor requests additional identificationand/or credentials from the attendee that accessed the conferencecalling system too early. The identification includes the attendee'scorporate employee number and/or ID badge number. The credentials mayinclude, for example, at least one of the attendee's home telephonenumber, home address, mobile telephone number, e-mail address, officetelephone number, office address, and secret question(s) entered whenthe attendee was assigned the passcode(s) (e.g., pet's name, date ofbirth, mother's maiden name). The conference calling system determineswhether the information entered by the attendee that accessed theconference calling system too early matches the actual identificationand/or credentials of the attendees. In at least one embodiment, theactual identification and/or credentials are obtained from the attendeesduring the preparation phase.

In another embodiment of the invention, the processor also determineswhether to alert others (in addition to or alternatively to the personassigned the passcode and/or the moderator). Alerting others includessending an alert indicating that the MPMST threshold has been exceededto at least one of administrative personnel of the conference callingsystem provider and security personnel employed by the true moderator'scompany who is responsible for tracking risks and investigating fraudacross the company. In another embodiment, the conference calling systemvoids the passcode entered by the attendee that accessed the conferencecalling system too early. For example, in at least one embodiment, apasscode is voided or temporarily disabled after 5 unsuccessful attemptsto access the conference calling system in a 24 hour period. In yetanother embodiment, the conference calling system automatically capturesan audio recording of the conference call when the MPMST threshold isexceeded. In still yet another alternative embodiment, the responseactions illustrated in FIG. 4 are performed in another order, e.g., theconference system administer is alerted prior to alerting the moderator.

FIG. 5 is a flow diagram illustrating a method for detecting fraudulentuse in a conference calling system according to an embodiment of theinvention. A threshold period is received, wherein the threshold periodindicates the maximum allowable time period for a participant of aconference call to enter the conference call prior to the entry of themoderator of the conference call (510). The threshold period (alsoreferred to herein as the “Maximum Prior to Meeting Start Timethreshold” or “MPMST threshold”) is received from a user interface 610during the preparation phase (See FIG. 6). The MPMST threshold is usedto identify potential intruders who have entered the conference call tooearly. For example, the MPMST threshold is set to identify a potentialintruder who has entered the conference call more than one hour beforethe moderator.

In another embodiment, the threshold period indicates the maximumallowable time period for an attendee of the conference call to enterthe conference call prior to a scheduled start time for the conferencecall. Thus, for example, if the conference call was scheduled for 1:00p.m. and the threshold period is 60 minutes, an attendee entering theconference call at 11:30 a.m. would violate the threshold period.

A receiver 620 receives passcodes to enter the conference call from theattendees. A monitoring module 630 detects the reception of thepasscodes by the receiver 620. Thus, the monitoring module 630 detectsentry of the moderator into the conference call (520) and entry of theparticipants into the conference call (530). In at least one embodiment,the monitoring module 630 sends a message to a processor 640 indicatingthe time of entry of the attendees of the conference call.

The processor 640 determines a waiting period for one or more of theparticipants (540), wherein the waiting period represents the timeperiod between the entry of the moderator and the entry of theparticipant. In another embodiment, the waiting period represents thetime period between entry of an attendee and the scheduled start time ofthe conference call. The processor 640 compares the waiting period tothe threshold period (550). If the threshold period exceeds the waitingperiod, the conference call is allowed to continue. However, actions areperformed with the processor 640 if the waiting period exceeds thethreshold period (560).

The actions (also referred to herein as “response actions”) include, inat least one embodiment, sending an alert indicating that the waitingperiod exceeded the threshold period to the moderator, an administratorof the conference calling system, participants of the conference call,and/or security personnel of the teleconference provider and/or at leastone company employing a participant of the teleconference call. Thealert is sent from an alert module 642 in the processor 640, wherein thealert includes a time stamped e-mail, text message, instant message,facsimile, and/or other form of communication indicating that aparticipant has entered the conference call too early. In anotherembodiment, the alert module is outside of the processor 640. In atleast one embodiment of the invention, the alert also includes the totalnumber of attendees, i.e., the total number of moderator IDs and/orpasscodes and participant passcodes entered into the conference call,the time periods since the participants joined the conference call, andwhen the moderator ID and/or passcode was entered.

In at least one embodiment, the actions validate credentials of theparticipants by verifying information obtained from authorized users inthe preparation phase. More specifically, passcodes to enter theconference call are received from the participants. For each passcodeentered, user information is obtained from the person assigned thepasscode. As described above, the user information can be obtainedduring the preparation phase and retrieved by the processor duringperformance of the response actions. The user information includes anemployee number, an identification badge number, a home telephonenumber, a home address, a mobile telephone number, an e-mail address, anoffice telephone number, an office address, and/or answer(s) to securityquestion(s) entered by the person assigned the passcode. In at least oneembodiment, the user information is input into an electronic database bythe system administrator, moderator, and/or another employee of theuser's company, wherein the user information is subsequently retrievedfrom the database for validation purposes.

Validation information is obtained from the participant who entered thepasscode. If the first information matches the second information, analert is sent to the participant indicating that the waiting periodexceeds the threshold period. If the first information does not matchthe second information, actions are performed by the processor 640.

In at least one embodiment of the invention, further actions includepermitting the administrator of the conference calling system to enterthe conference call, disconnecting a participant from the conferencecall, terminating the conference call, and/or voiding a passcode to theconference call.

Another action generates and stores a report (e.g., in an electronicdatabase) via a report generating module 644 in the processor 640. Inanother embodiment, the report generating module 644 is outside theprocessor 640. In at least one embodiment, the report includes the timeof entry of the moderator, the time of the entry of the participants,the threshold period, the waiting periods, and/or the passcodes to theconference call. The report also includes the actions performed,including the user information from the person assigned a passcode, andthe validation information from the participant. As described above,information in the report is utilized to identify trends, trackmoderator ID and/or passcode usage, and/or for detailed review by theconference system administrator and/or personnel within the truemoderator's company. For example, in at least one embodiment, theconference system administrator compares reports that have beencollected over time in order to identify trends, such as a particularpasscode that repeatedly violates the MPMST threshold and/or aparticular time of day that the MPMST threshold is frequently violated.

Accordingly, an embodiment of the invention includes systems andmethodologies to investigate potential fraudulent activity on conferencecalling systems. The occurrence of a potential fraudulent condition isidentified, such that rapid response actions may be taken. Theembodiments of the invention can save thousands of dollars in fraudulenttoll charges. Moreover, the ability to identify fraudulent activity canprevent the loss of information.

As will be appreciated by one skilled in the art, aspects of the presentinvention may be embodied as a system, method or computer programproduct. Accordingly, aspects of the present invention may take the formof an entirely hardware embodiment, an entirely software embodiment(including firmware, resident software, micro-code, etc.) or anembodiment combining software and hardware aspects that may allgenerally be referred to herein as a “circuit,” “module” or “system.”Furthermore, aspects of the present invention may take the form of acomputer program product embodied in one or more computer readablemedium(s) having computer readable program code embodied thereon.

Any combination of one or more computer readable medium(s) may beutilized. The computer readable medium may be a computer readable signalmedium or a non-transitory computer readable storage medium. Anon-transitory computer readable storage medium may be, for example, butnot limited to, an electronic, magnetic, optical, electromagnetic,infrared, or semiconductor system, apparatus, or device, or any suitablecombination of the foregoing. More specific examples (a non-exhaustivelist) of the non-transitory computer readable storage medium wouldinclude the following: an electrical connection having one or morewires, a portable computer diskette, a hard disk, a random access memory(RAM), a read-only memory (ROM), an erasable programmable read-onlymemory (EPROM or Flash memory), an optical fiber, a portable compactdisc read-only memory (CD-ROM), an optical storage device, a magneticstorage device, or any suitable combination of the foregoing. In thecontext of this document, a non-transitory computer readable storagemedium may be any tangible medium that can contain, or store a programfor use by or in connection with an instruction execution system,apparatus, or device.

A computer readable signal medium may include a propagated data signalwith computer readable program code embodied therein, for example, inbaseband or as part of a carrier wave. Such a propagated signal may takeany of a variety of forms, including, but not limited to,electro-magnetic, optical, or any suitable combination thereof. Acomputer readable signal medium may be any computer readable medium thatis not a computer readable storage medium and that can communicate,propagate, or transport a program for use by or in connection with aninstruction execution system, apparatus, or device.

Program code embodied on a computer readable medium may be transmittedusing any appropriate medium, including but not limited to wireless,wireline, optical fiber cable, RF, etc., or any suitable combination ofthe foregoing.

Computer program code for carrying out operations for aspects of thepresent invention may be written in any combination of one or moreprogramming languages, including an object oriented programming languagesuch as Java, Smalltalk, C++ or the like and conventional proceduralprogramming languages, such as the “C” programming language or similarprogramming languages. The program code may execute entirely on theuser's computer, partly on the user's computer, as a stand-alonesoftware package, partly on the user's computer and partly on a remotecomputer or entirely on the remote computer or server. In the latterscenario, the remote computer may be connected to the user's computerthrough any type of network, including a local area network (LAN) or awide area network (WAN), or the connection may be made to an externalcomputer (for example, through the Internet using an Internet ServiceProvider).

Aspects of the present invention are described below with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems) and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer program instructions. These computer program instructions maybe provided to a processor of a general purpose computer, specialpurpose computer, or other programmable data processing apparatus toproduce a machine, such that the instructions, which execute via theprocessor of the computer or other programmable data processingapparatus, create means for implementing the functions/acts specified inthe flowchart and/or block diagram block or blocks.

These computer program instructions may also be stored in a computerreadable medium that can direct a computer, other programmable dataprocessing apparatus, or other devices to function in a particularmanner, such that the instructions stored in the computer readablemedium produce an article of manufacture including instructions whichimplement the function/act specified in the flowchart and/or blockdiagram block or blocks.

The computer program instructions may also be loaded onto a computer,other programmable data processing apparatus, or other devices to causea series of operational steps to be performed on the computer, otherprogrammable apparatus or other devices to produce a computerimplemented process such that the instructions which execute on thecomputer or other programmable apparatus provide processes forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks.

Referring now to FIG. 7, a representative hardware environment forpracticing at least one embodiment of the invention is depicted. Thisschematic drawing illustrates a hardware configuration of an informationhandling/computer system in accordance with at least one embodiment ofthe invention. The system comprises at least one processor or centralprocessing unit (CPU) 10. The CPUs 10 are interconnected via system bus12 to various devices such as a random access memory (RAM) 14, read-onlymemory (ROM) 16, and an input/output (I/O) adapter 18. The I/O adapter18 can connect to peripheral devices, such as disk units 11 and tapedrives 13, or other program storage devices that are readable by thesystem. The system can read the inventive instructions on the programstorage devices and follow these instructions to execute the methodologyof at least one embodiment of the invention. The system further includesa user interface adapter 19 that connects a keyboard 15, mouse 17,speaker 24, microphone 22, and/or other user interface devices such as atouch screen device (not shown) to the bus 12 to gather user input.Additionally, a communication adapter 20 connects the bus 12 to a dataprocessing network 25, and a display adapter 21 connects the bus 12 to adisplay device 23 which may be embodied as an output device such as amonitor, printer, or transmitter, for example.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof code, which comprises one or more executable instructions forimplementing the specified logical function(s). It should also be notedthat, in some alternative implementations, the functions noted in theblock may occur out of the order noted in the figures. For example, twoblocks shown in succession may, in fact, be executed substantiallyconcurrently, or the blocks may sometimes be executed in the reverseorder, depending upon the functionality involved. It will also be notedthat each block of the block diagrams and/or flowchart illustration, andcombinations of blocks in the block diagrams and/or flowchartillustration, can be implemented by special purpose hardware-basedsystems that perform the specified functions or acts, or combinations ofspecial purpose hardware and computer instructions.

The terminology used herein is for the purpose of describing particularembodiments only and is not intended to be limiting of the invention. Asused herein, the singular forms “a”, “an” and “the” are intended toinclude the plural forms as well, unless the context clearly indicatesotherwise. It will be further understood that the root terms “include”and/or “have”, when used in this specification, specify the presence ofstated features, integers, steps, operations, elements, and/orcomponents, but do not preclude the presence or addition of one or moreother features, integers, steps, operations, elements, components,and/or groups thereof.

The corresponding structures, materials, acts, and equivalents of allmeans plus function elements in the claims below are intended to includeany structure, or material, for performing the function in combinationwith other claimed elements as specifically claimed. The description ofthe present invention has been presented for purposes of illustrationand description, but is not intended to be exhaustive or limited to theinvention in the form disclosed. Many modifications and variations willbe apparent to those of ordinary skill in the art without departing fromthe scope and spirit of the invention. The embodiment was chosen anddescribed in order to best explain the principles of the invention andthe practical application, and to enable others of ordinary skill in theart to understand the invention for various embodiments with variousmodifications as are suited to the particular use contemplated.

1. A method for detecting fraudulent use in a conference calling system,said method including: receiving a threshold period, the thresholdperiod indicating a maximum allowable time period for a participant of aconference call to enter the conference call prior to the entry of themoderator of the conference call; detecting the entry of the moderatorinto the conference call; detecting entry of at least one participantinto the conference call; determining a waiting period for the at leastone participant, the waiting period including a time period between theentry of the at least one participant and the entry of the moderator;comparing the waiting period to the threshold period with a processor;and performing actions with the processor if the waiting period exceedsthe threshold period.
 2. The method according to claim 1, furtherincluding permitting the conference call to continue if the thresholdperiod exceeds the waiting period.
 3. The method according to claim 1,further including: receiving a passcode to enter the conference callfrom the at least one participant; obtaining first information from aperson assigned the passcode; obtaining second information from the atleast one participant; and determining whether the first informationmatches the second information.
 4. The method according to claim 3,wherein the actions include sending an alert to the at least oneparticipant if the first information matches the second information, thealert indicating that the waiting period exceeds the threshold period.5. The method according to claim 3, wherein the first informationincludes at least one of an employee number, an identification badgenumber, a home telephone number, a home address, a mobile telephonenumber, an e-mail address, an office telephone number, an officeaddress, and at least one answer to at least one security questionentered by the person assigned the passcode.
 6. The method according toclaim 1, wherein said of the actions includes sending an alert to atleast one of an administrator of the conference calling system, amoderator of the conference call, participants of the conference call,and at least one security personnel, the alert indicating that thewaiting period for at least one participant exceeded the thresholdperiod.
 7. The method according to claim 1, wherein the actions includeat least one of permitting an administrator of the conference callingsystem to enter the conference call, disconnecting the at least oneparticipant from the conference call, terminating the conference call,and voiding at least one passcode to the conference call.
 8. The methodaccording to claim 1, wherein the actions include generating and storinga report, where the report includes at least one of time of the entry ofthe moderator, time of the entry of at least one participant, thethreshold period, the waiting period, at least one passcode to theconference call, and the actions performed.
 9. The method according toclaim 8, wherein the actions include first information from a personassigned a passcode to the conference call, and second information fromthe at least one participant.
 10. A method for detecting fraudulent usein a conference calling system, said method including: receiving ascheduled start time for a conference call of the conference callingsystem; receiving a threshold period, the threshold period indicating amaximum allowable time period for an attendee of the conference call toenter the conference call prior to the scheduled start time for theconference call; determining a waiting period for at least one attendeeof the conference call, the waiting period including a time periodbetween a time that the at least one attendee entered the conferencecall and the scheduled start time of the conference call; comparing thewaiting period to the threshold period with a processor; and performingactions with the processor if the waiting period exceeds the thresholdperiod.
 11. The method according to claim 10, further includingpermitting the conference call to continue if the threshold periodexceeds the waiting period.
 12. The method according to claim 10,further including: receiving a passcode to enter the conference callfrom the at least one attendee; obtaining first information from aperson assigned the passcode; obtaining second information from the atleast one attendee; and determining whether the first informationmatches the second information.
 13. The method according to claim 12,wherein the actions include, sending an alert to the at least oneattendee if the first information matches the second information, thealert indicating that the waiting period exceeds the threshold period.14. The method according to claim 12, wherein the first informationincludes at least one of an employee number, an identification badgenumber, a telephone number, a home address, an e-mail address, an officeaddress, and at least one answer to at least one security questionentered by the person assigned the passcode.
 15. The method according toclaim 10, wherein said of the actions includes sending an alert to atleast one of an administrator of the conference calling system, amoderator of the conference call, participants of the conference call,and at least one security personnel, the alert indicating that thewaiting period for at least one attendee exceeded the threshold period.16. The method according to claim 10, wherein the actions include atleast one of permitting an administrator of the conference callingsystem to enter the conference call, disconnecting the at least oneattendee from the conference call, terminating the conference call, andvoiding at least one passcode to the conference call.
 17. The methodaccording to claim 10, wherein the actions include generating andstoring a report, where the report includes at least one of thescheduled start time for the conference call, the threshold period, thewaiting period, the time that the at least one attendee entered theconference call, at least one passcode to the conference call, and theactions performed.
 18. The method according to claim 17, wherein theactions include first information from a person assigned a passcode tothe conference call, and second information from the at least oneattendee.
 19. A system for detecting fraudulent use in a conferencecalling system, said system including: a user interface for receiving ascheduled start time for a conference call of said conference callingsystem and a threshold period, the threshold period including a maximumallowable time period for an attendee of the conference call to enterthe conference call prior to the scheduled start time for the conferencecall; and a processor operatively connected to said user interface, theprocessor: determines a waiting period for at least one attendee of theconference call, the waiting period including a time period between atime that the at least one attendee entered the conference call and thescheduled start time of the conference call; compares the waiting periodto the threshold period, and performs at least one of validation actionsand alert actions if the waiting period exceeds the threshold period.20. The system according to claim 19, wherein said processor permits theconference call to continue if the threshold period exceeds the waitingperiod.
 21. The system according to claim 19, wherein said systemfurther includes a receiver for receiving a passcode to enter theconference call from the at least one attendee, wherein said userinterface receives first information from a person assigned the passcodeand stores the first information in a database, said receiver receivessecond information from the at least one attendee, wherein saidprocessor determines whether the first information matches the secondinformation, and wherein said processor includes an alert module, saidalert module sends an alert to the at least one attendee if the firstinformation matches the second information, the alert indicating thatthe waiting period exceeds the threshold period.
 22. The systemaccording to claim 19, wherein said processor includes an alert module,said alert module sends an alert to at least one of an administrator ofsaid conference calling system, a moderator of the conference call,participants of the conference call, and at least one securitypersonnel, the alert indicating that the waiting period exceeds thethreshold period.
 23. The system according to claim 19, wherein saidprocessor does at least one of permits an administrator of saidconference calling system to enter the conference call, disconnects theat least one attendee from the conference call, terminates theconference call, and voids at least one passcode to the conference call.24. The system according to claim 19, further including a reportgenerating module for generating and storing a report, where the reportincludes at least one of the scheduled start time for the conferencecall, the threshold period, the waiting period, the time that the atleast one attendee entered the conference call, at least one passcode tothe conference call, the alert actions performed, and the validationactions performed, wherein the validation actions include firstinformation from a person assigned a passcode to the conference call,and second information from the at least one attendee.
 25. A computerprogram product for detecting fraudulent use in a conference callingsystem, said computer program product including: a non-transitorycomputer readable storage medium; first program instructions to receivea scheduled start time for a conference call of the conference callingsystem; second program instructions to receive a threshold period, thethreshold period including a maximum allowable time period for anattendee of the conference call to enter the conference call prior tothe scheduled start time for the conference call; third programinstructions to determine a waiting period for at least one attendee ofthe conference call, the waiting period including a time period betweena time that the at least one attendee entered the conference call andthe scheduled start time of the conference call; fourth programinstructions to compare the waiting period to the threshold period witha processor; and fifth program instructions to perform at least one ofvalidation actions and alert actions with the processor if the waitingperiod exceeds the threshold period, wherein said first programinstructions, said second program instructions, said third programinstructions, said fourth program instructions, and said fifth programinstructions are stored on said computer readable storage medium.